CVE-2018-0739

medium

Description

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

References

https://www.openssl.org/news/secadv/20180327.txt

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33

http://www.securitytracker.com/id/1040576

http://www.securityfocus.com/bid/103518

https://usn.ubuntu.com/3611-1/

https://www.debian.org/security/2018/dsa-4158

https://www.debian.org/security/2018/dsa-4157

https://security.netapp.com/advisory/ntap-20180330-0002/

https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html

https://usn.ubuntu.com/3611-2/

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

https://www.tenable.com/security/tns-2018-04

https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/

https://www.tenable.com/security/tns-2018-07

https://www.tenable.com/security/tns-2018-06

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

https://security.netapp.com/advisory/ntap-20180726-0002/

https://securityadvisories.paloaltonetworks.com/Home/Detail/133

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/105609

https://access.redhat.com/errata/RHSA-2018:3221

https://access.redhat.com/errata/RHSA-2018:3090

https://access.redhat.com/errata/RHSA-2018:3505

https://security.gentoo.org/glsa/201811-21

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

https://access.redhat.com/errata/RHSA-2019:0367

https://access.redhat.com/errata/RHSA-2019:0366

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

https://access.redhat.com/errata/RHSA-2019:1711

https://access.redhat.com/errata/RHSA-2019:1712

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://security.gentoo.org/glsa/202007-53

Details

Source: MITRE

Published: 2018-03-27

Updated: 2021-07-20

Type: CWE-674

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins


ID | Name | Product | Family | Severity
139116 | GLSA-202007-53 : Dropbear: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium
134104 | SUSE SLES12 Security Update : ovmf (SUSE-SU-2020:0495-1) | Nessus | SuSE Local Security Checks | high
131184 | Oracle Enterprise Manager Ops Center (Jan 2019 CPU) | Nessus | Misc. | critical
129004 | Oracle MySQL Connectors DoS (Jul 2018 CPU) | Nessus | Misc. | medium
127975 | OracleVM 3.4 : openssl (OVMSA-2019-0040) | Nessus | OracleVM Local Security Checks | medium
127265 | NewStart CGSL CORE 5.04 / MAIN 5.04 : ovmf Vulnerability (NS-SA-2019-0066) | Nessus | NewStart CGSL Local Security Checks | medium
127262 | NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0065) | Nessus | NewStart CGSL Local Security Checks | medium
126594 | RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 7 (RHSA-2019:1711) | Nessus | Red Hat Local Security Checks | medium
124999 | EulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546) | Nessus | Huawei Local Security Checks | high
124903 | EulerOS Virtualization for ARM 64 3.0.1.0 : openssl (EulerOS-SA-2019-1400) | Nessus | Huawei Local Security Checks | medium
700629 | MySQL 8.0.x < 8.0.12 Multiple Vulnerabilities (July 2018 CPU) | Nessus Network Monitor | Database | high
700627 | MySQL 5.7.x < 5.7.23 Multiple Vulnerabilities (July 2018 CPU) | Nessus Network Monitor | Database | high
123887 | EulerOS Virtualization 2.5.4 : openssl (EulerOS-SA-2019-1201) | Nessus | Huawei Local Security Checks | medium
123871 | EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1185) | Nessus | Huawei Local Security Checks | medium
123512 | Palo Alto Networks PAN-OS 6.1.x <= 6.1.20 / 7.1.x < 7.1.21 / 8.0.x < 8.0.14 / 8.1.x < 8.1.4 Multiple Vulnerabilities (PAN-SA-2018-0015) | Nessus | Palo Alto Local Security Checks | medium
123242 | openSUSE Security Update : ovmf (openSUSE-2019-563) | Nessus | SuSE Local Security Checks | medium
122292 | RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 (RHSA-2019:0367) | Nessus | Red Hat Local Security Checks | critical
120997 | EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1009) | Nessus | Huawei Local Security Checks | medium
120655 | Fedora 28 : libtomcrypt (2018-9d667bdff8) | Nessus | Fedora Local Security Checks | medium
120390 | Fedora 28 : 1:openssl (2018-49651b2236) | Nessus | Fedora Local Security Checks | medium
120324 | Fedora 28 : 1:compat-openssl10 (2018-2f696a3be3) | Nessus | Fedora Local Security Checks | medium
120061 | SUSE SLES15 Security Update : ovmf (SUSE-SU-2018:2072-1) | Nessus | SuSE Local Security Checks | medium
119909 | EulerOS 2.0 SP2 : openssl (EulerOS-SA-2018-1420) | Nessus | Huawei Local Security Checks | medium
119843 | IBM BigFix Platform 9.2.x < 9.2.15 / 9.5.x < 9.5.10 Multiple Vulnerabilities | Nessus | Web Servers | medium
119520 | EulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1392) | Nessus | Huawei Local Security Checks | medium
119464 | Amazon Linux AMI : openssl (ALAS-2018-1102) | Nessus | Amazon Linux Local Security Checks | medium
119275 | GLSA-201811-21 : OpenSSL: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium
119195 | Scientific Linux Security Update : ovmf on on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | medium
119194 | Scientific Linux Security Update : openssl on SL7.x x86_64 (20181030) | Nessus | Scientific Linux Local Security Checks | medium
118998 | CentOS 7 : openssl (CESA-2018:3221) | Nessus | CentOS Local Security Checks | medium
118991 | CentOS 7 : ovmf (CESA-2018:3090) | Nessus | CentOS Local Security Checks | medium
118833 | Amazon Linux 2 : openssl (ALAS-2018-1102) | Nessus | Amazon Linux Local Security Checks | medium
118777 | Oracle Linux 7 : openssl (ELSA-2018-3221) | Nessus | Oracle Linux Local Security Checks | medium
118771 | Oracle Linux 7 : ovmf (ELSA-2018-3090) | Nessus | Oracle Linux Local Security Checks | medium
118534 | RHEL 7 : openssl (RHSA-2018:3221) | Nessus | Red Hat Local Security Checks | high
118526 | RHEL 7 : ovmf (RHSA-2018:3090) | Nessus | Red Hat Local Security Checks | medium
118203 | Oracle Enterprise Manager Cloud Control (October 2018 CPU) | Nessus | Misc. | medium
117770 | Oracle Linux 6 : openssl (ELSA-2018-4228) | Nessus | Oracle Linux Local Security Checks | medium
117476 | openSUSE Security Update : compat-openssl098 (openSUSE-2018-997) | Nessus | SuSE Local Security Checks | high
117450 | SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2018:2683-1) | Nessus | SuSE Local Security Checks | high
112143 | openSUSE Security Update : kbuild / virtualbox (openSUSE-2018-938) (Spectre) | Nessus | SuSE Local Security Checks | high
112097 | Amazon Linux AMI : mysql57 (ALAS-2018-1070) | Nessus | Amazon Linux Local Security Checks | high
112096 | Amazon Linux AMI : mysql56 (ALAS-2018-1069) | Nessus | Amazon Linux Local Security Checks | high
112092 | Amazon Linux AMI : openssl (ALAS-2018-1065) | Nessus | Amazon Linux Local Security Checks | medium
111625 | openSUSE Security Update : mysql-community-server (openSUSE-2018-844) | Nessus | SuSE Local Security Checks | high
111596 | FreeBSD : MySQL -- multiple vulnerabilities (909be51b-9b3b-11e8-add2-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | high
111593 | MySQL Enterprise Monitor 3.4.x < 3.4.8 / 4.0.x < 4.0.5 / 8.0.x < 8.0.1 Multiple Vulnerabilities (July 2018 CPU) | Nessus | CGI abuses | critical
111588 | openSUSE Security Update : ovmf (openSUSE-2018-823) | Nessus | SuSE Local Security Checks | medium
111569 | openSUSE Security Update : ovmf (openSUSE-2018-807) | Nessus | SuSE Local Security Checks | medium
111507 | SUSE SLES12 Security Update : ovmf (SUSE-SU-2018:2158-1) | Nessus | SuSE Local Security Checks | medium
111353 | AIX OpenSSL Advisory : openssl_advisory26.asc | Nessus | AIX Local Security Checks | medium
111333 | Oracle Secure Global Desktop Multiple Vulnerabilities (July 2018 CPU) | Nessus | Misc. | critical
111238 | Fedora 27 : libtomcrypt (2018-39e0872379) | Nessus | Fedora Local Security Checks | medium
111164 | Oracle Tuxedo Multiple Vulnerabilities (July 2018 CPU) | Nessus | Misc. | high
111160 | MySQL 8.0.x < 8.0.12 Multiple Vulnerabilities (RPM Check) (July 2018 CPU) | Nessus | Databases | high
111159 | MySQL 8.0.x < 8.0.12 Multiple Vulnerabilities (Jul 2018 CPU) (Jul 2019 CPU) | Nessus | Databases | high
111158 | MySQL 5.7.x < 5.7.23 Multiple Vulnerabilities (RPM Check) (July 2018 CPU) | Nessus | Databases | high
111157 | MySQL 5.7.x < 5.7.23 Multiple Vulnerabilities (July 2018 CPU) | Nessus | Databases | high
111156 | MySQL 5.6.x < 5.6.41 Multiple Vulnerabilities (RPM Check) (April 2018 CPU) | Nessus | Databases | high
109945 | OpenSSL 1.0.x < 1.0.2o Multiple Vulnerabilities | Nessus | Web Servers | medium
109682 | Oracle VM VirtualBox 5.1.x < 5.1.36 / 5.2.x < 5.2.10 (April 2018 CPU) | Nessus | Misc. | high
109294 | openSUSE Security Update : virtualbox (openSUSE-2018-389) (Optionsbleed) | Nessus | SuSE Local Security Checks | high
109161 | SUSE SLES11 Security Update : openssl (SUSE-SU-2018:0975-1) | Nessus | SuSE Local Security Checks | medium
109022 | openSUSE Security Update : openssl (openSUSE-2018-361) | Nessus | SuSE Local Security Checks | medium
109013 | SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2018:0925-1) | Nessus | SuSE Local Security Checks | medium
108948 | SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0906-1) | Nessus | SuSE Local Security Checks | medium
108946 | SUSE SLES12 Security Update : openssl (SUSE-SU-2018:0902-1) | Nessus | SuSE Local Security Checks | medium
108913 | Fedora 27 : 1:compat-openssl10 (2018-9490b422e7) | Nessus | Fedora Local Security Checks | medium
108910 | Fedora 26 : 1:compat-openssl10 (2018-1b4f1158e2) | Nessus | Fedora Local Security Checks | medium
108776 | Fedora 27 : 1:openssl (2018-76afaf1961) | Nessus | Fedora Local Security Checks | medium
108775 | Fedora 26 : 1:openssl (2018-40dc8b8b16) | Nessus | Fedora Local Security Checks | medium
108764 | Debian DLA-1330-1 : openssl security update | Nessus | Debian Local Security Checks | medium
108731 | Debian DSA-4158-1 : openssl1.0 - security update | Nessus | Debian Local Security Checks | medium
108730 | Debian DSA-4157-1 : openssl - security update | Nessus | Debian Local Security Checks | medium
108709 | Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : OpenSSL vulnerability (USN-3611-1) | Nessus | Ubuntu Local Security Checks | medium
108690 | Slackware 14.2 / current : openssl (SSA:2018-087-01) | Nessus | Slackware Local Security Checks | medium
108681 | FreeBSD : OpenSSL -- multiple vulnerabilities (b7cff5a9-31cc-11e8-8f07-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | medium
106563 | Tenable SecurityCenter OpenSSL 1.0.2 < 1.0.2n Multiple Vulnerabilities | Nessus | Misc. | medium
105292 | OpenSSL 1.1.0 < 1.1.0h AVX2 Montgomery Multiplication Private Key Derivation Weakness | Nessus | Web Servers | medium